Firewalld error

Post by neofita2 » 2019/04/01 09:54:56

Hi
I have the following error, but I cannot understand what I need to fix

Code:

avr 01 05:49:21 localhost.localdomain firewalld[5075]: WARNING: ip6tables not usable, disabling IPv6 firewall.
avr 01 05:49:21 localhost.localdomain firewalld[5075]: ERROR: '/usr/sbin/iptables-restore -w -n' failed: iptables-restore v1.4.21: unknown option "16"
                                                       Error occurred at line: 17
                                                       Try `iptables-restore -h' or 'iptables-restore --help' for more information.
avr 01 05:49:21 localhost.localdomain firewalld[5075]: ERROR: COMMAND_FAILED: Direct: '/usr/sbin/iptables-restore -w -n' failed: iptables-restore v1.4.21: unknown option "16"
                                                       Error occurred at line: 17
                                                       Try `iptables-restore -h' or 'iptables-restore --help' for more information.

Post by aks » 2019/04/03 18:11:16

Line 17 of the firewall rules contains the invalid 16.
Usually the files are in /etc/firewalld/*/*.xml (although you could have edited "system" provided files to a similar effect).
Assuming firewalld (rather than "raw" iptables) here.
Otherwise, what did you do? How did the invalid thing get in there in the first place?

Post by neofita2 » 2019/04/05 20:27:24

I believe that was this command

firewall-cmd --permanent --new-service=zabbix

Post by aks » 2019/04/06 15:05:38

So is zabbix a known service to firewalld (and if it is, is it a valid configuration file)?

Post by neofita2 » 2019/04/09 11:01:29

I do not know how to remove it
/etc/firewalld/services/zabbix.xml

Code:

<?xml version="1.0" encoding="utf-8"?>
<service>
  <short>Zabbix</short>
  <description>Allow services for Zabbix server and agent</description>
  <port protocol="tcp" port="10050"/>
  <port protocol="tcp" port="10051"/>
</service>

Post by neofita2 » 2019/04/09 11:09:45

I tried to remove all the information inside these 3 files

/etc/firewalld/services/zabbix.xml
/etc/firewalld/zones/public.xml
/etc/firewalld/zones/internal.xml


for example

One by one and I have the same problem

Code:

<?xml version="1.0" encoding="utf-8"?>
<zone>
  <short>Public</short>
  <description>For use in public areas. You do not trust the other computers on networks to not harm your computer. Only selected incoming connections are accepted.</description>
  <service name="ssh"/>
  <service name="dhcpv6-client"/>
  <service name="nfs"/>
  <service name="mountd"/>
  <service name="rpc-bind"/>
  <port protocol="tcp" port="443"/>
  <port protocol="tcp" port="10050"/>
  <rule family="ipv4">
    <source address="33.X.X.0/24"/>
    <port protocol="udp" port="100-1023"/>
    <accept/>
  </rule>
</zone>

becomes

Code:

<?xml version="1.0" encoding="utf-8"?>
<zone>
  <short>Public</short>
  <description>For use in public areas. You do not trust the other computers on networks to not harm your computer. Only selected incoming connections are accepted.</description>

</zone>

Post by aks » 2019/04/09 18:10:32

So apparently, you've removed the zabbix.service file (as in rm -f /etc/firewalld/services/zabbix.xml) and still have an error. Well, in that case it can't be the zabbix service (unless there's also one under the "system" place in /usr/lib/firewalld/....).

Also remember that zones are not the same as services (as in /etc/firewalld/services/zabbix.xml and /etc/firewalld/zones/public.xml - see the difference?)

Please post the output of:

sed -i s/'FIREWALLD_ARGS='/'FIREWALLD_ARGS=--debug'/ /etc/sysconfig/firewalld # switches on debug argument to firewalld
systemctl is-active firewalld && systemctl restart firewalld || systemctl start firewalld ; systemctl status -l firewalld

and (depending on what's there):

journalctl -u firewalld --no-pager -S today

Post by neofita2 » 2019/04/10 12:19:57

Here are the results

Code:

cat /etc/sysconfig/firewalld 
# firewalld command line args
# possible values: --debug
FIREWALLD_ARGS=--debug

Code:

avr 10 08:15:43 localhost firewalld[27857]: WARNING: ip6tables not usable, disabling IPv6 firewall.
avr 10 08:15:43 localhost firewalld[27857]: ERROR: '/usr/sbin/iptables-restore -w -n' failed: iptables-restore v1.4.21: unknown option "16"
                                                         Error occurred at line: 17
                                                         Try `iptables-restore -h' or 'iptables-restore --help' for more information.
avr 10 08:15:43 localhost firewalld[27857]: ERROR: COMMAND_FAILED: Direct: '/usr/sbin/iptables-restore -w -n' failed: iptables-restore v1.4.21: unknown option "16"
                                                         Error occurred at line: 17
                                                         Try `iptables-restore -h' or 'iptables-restore --help' for more information.
                                                         

Code:

cat /etc/firewalld/services/zabbix.xml
<?xml version="1.0" encoding="utf-8"?>
<service>
  <short>Zabbix</short>
  <description>Allow services for Zabbix server and agent</description>
  <port protocol="tcp" port="10050"/>
  <port protocol="tcp" port="10051"/>
</service>

Thank you for your help, since I really do not see how to fix it

Post by aks » 2019/04/11 18:34:17

We're just running in circles here.

You have NOT removed the zabbix service and maybe that is not the issue at all (there's no evidence either way, that premise hinges on something you previously said).

I have validated that XML file you posted (/etc/firewalld/services/zabbix.xml) - unless of course you are actually on Windows and copied and pasted, rather than your host being Linux and copied and pasted. Encoding is different between Windows and Linux, by default.

The key issue still exists at line 17, with unknown option "16" - so what has 16 in it? You *seem* to be doing "direct" rules - do you know if that is the case? Do you understand firewalld?

Perhaps grep -r 16 /etc/firewalld/* may yield clues. And if not try on the "system" rulesets (in /usr/lib/firewalld/)
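
A narrower form of the search suggested above, as an added example that is not part of the thread: it matches 16 only as a whole token inside firewalld's XML files and lists the entries in direct.xml, the file where firewalld keeps permanent direct rules. The function names and the sample tree are constructed for illustration and do not reproduce the poster's configuration.

```shell
#!/usr/bin/env bash
# Added example, not from the thread. Run with no arguments for a dry run on a
# constructed tree, or pass real roots: /etc/firewalld /usr/lib/firewalld

# find_token TOKEN ROOT...: print file:line:text for each line of any *.xml
# under the roots that holds TOKEN as a whole word, so "16" matches "/16"
# or port="16" but not 10160 or 2016.
find_token() {
    local token=$1 root
    shift
    for root in "$@"; do
        [ -d "$root" ] || continue
        grep -rnwF --include='*.xml' -- "$token" "$root" || true
    done
}

# list_direct ROOT: show the direct-interface entries in ROOT/direct.xml,
# the permanent store behind errors that firewalld prefixes with "Direct:".
list_direct() {
    [ -f "$1/direct.xml" ] || return 0
    grep -nE '<(chain|rule|passthrough)[ >]' "$1/direct.xml" || true
}

# make_sample_tree: build a CONSTRUCTED config tree and print its path.
# The direct rule below is deliberately malformed sample data.
make_sample_tree() {
    local d
    d=$(mktemp -d) || return 1
    mkdir -p "$d/services" "$d/zones"
    printf '%s\n' '<service>' '  <port protocol="tcp" port="10160"/>' \
        '</service>' > "$d/services/sample.xml"
    printf '%s\n' '<zone>' '  <port protocol="tcp" port="443"/>' \
        '</zone>' > "$d/zones/public.xml"
    printf '%s\n' '<direct>' \
        '  <rule ipv="ipv4" table="filter" chain="INPUT" priority="0">-s 192.0.2.0 /16 -j ACCEPT</rule>' \
        '</direct>' > "$d/direct.xml"
    printf '%s\n' "$d"
}

if [ "$#" -eq 0 ]; then
    set -- "$(make_sample_tree)"
fi
find_token 16 "$@"
for r in "$@"; do list_direct "$r"; done
```

On the constructed tree only the direct.xml line is reported; the service file with port 10160 is skipped, which a plain `grep -r 16` would also have matched.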
